Cisco Unified Personal Communicator (CUPC) Photos

Document

There are two ways to get photos to display on CUPC when placing/receiving a call as well as under contact details. The fist method is using the Active Directory (AD) attribute jpegPhoto and the second is using a web server to host the pictures. This guide is based on using Cisco Unified Personal Communicator (CUPC) 7 and the Cisco Unified Presence Server (CUPS) 7.

Using Active Directory and the jpegPhoto Attribute

There are many ways to get users pictures imported into AD but here is one of the easiest. Download the Active Directory Bulk User Import tool from http://www.dovestones.com (free trial for 10 users). Next create a CSV file for the application that should look like this (file named photo.csv):

sAMAccountName,Modify,jpegPhoto

joe,TRUE,c:\pic\%username%.jpg

user2,TRUE,c:\%username%.jpg

Make sure the photos are in the location you're pointing to, here it's c:\pic\ and the file name is the same as the sAMAccountName (joe and user2), so an example picture file name is joe.jpg.

From the AD Bulk Users tool by Dovestones Software, go to File > Select File, and select the photo.csv file. Click on the Settings tab on the AD Bulk Users tool and enter in your Domain Controller information. I just put in the IP address, username, password, and the destination container where my users are located (CN=Users,DC=cisco,DC=lab). Click "Test Connection" when finished to make sure the connection works. Then on the bottom of the screen click the "Validate" button, if it passes click the "Import" button. The photo for each user should be added to AD now.

To check if the photo is uploaded, use ADSI Edit to locate the user and check the properties on the user. Find the jpegPhoto Attribute and there should be a value as an octet string in hex (if you see <Not Set> then the import did not work). Also make sure the default settings in ADSI Edit for the jpegPhoto attribute security settings (under the Schema section) are set to allow Read and Special Permissions for Authenticated Users. For the SYSTEM user I have Full Control, Read, and Write allowed. The Schema Admins should have Read, Write, and Special Permissions allowed. These are the default settings incase someone's changed them. The schema permissions can be found in this document: http://www.cisco.com/en/US/docs/voice_ip_comm/cupc/7_0/english/troubleshooting/guide/trouble.html

Now that images are in AD there's one last trick. Make sure for AD 2003 that the Cisco Unified Presence Server (CUPS) under Application > Cisco Unified Personal Communicator > Settings, you have the "Photo" UPC User Field set to "jpegPhoto" (if it's AD 2000 it should be thumbnailPhoto). Lastly on CUPS under Application > Cisco Unified Personal Communicator > LDAP Server, make sure the port for the server connection is set to 389 and NOT 3268. This is because "the jpegPhoto attribute is not available in Microsoft Active Directory Global Catalog server, and this attribute is not indexed” (http://msdn2.microsoft.com/en-us/library/ms676813.aspx). If your LDAP configuration uses Global Catalog port 3268, the jpegPhoto is not retrievable. Instead, change the configuration in Cisco Unified Presence Administration (Application > Cisco Unified Personal Communicator > LDAP Server) to TCP and port 389.

Now exit Cisco Unified Personal Communicator (CUPC), and then log back in and the photo should work.

Using a Web Server and URL for Photos

The alternative and easier way to get this working is to simply host the photos on a web server. The web server should point to the location where the photos are stored (c:\pic\ from the above example). The file name should still match the sAMAccountName as before.

Any web server can be used for this. To use an Exchange server’s web service to host the photos, open Internet Information Services (IIS), create a new virtual directory under Default Web Sites. Set the local path to be where the photos are stored on the local disk "c:\pic\". Make sure under the Directory Security tab, click edit on Authentication and access control, then set "Enable anonymous access" and also enter the IUSR_<computer name> user name and then the password in there. Lastly go to the directory c:\pic\ and set the security on the directory to add the "Internet Guest Account (IUSR_<computer name>) user. Lastly on the directory set allow for all permissions. This will likely work with fewer permissions but this is just a quick way to get it to work.

Restart IIS when finished. You should be able to access http://<web_server_ip>/pic/joe.jpg (where joe is the sAMAccountName of a user) on your server and see the picture. The URL is /pic/joe.jpg because pic is the virtual directory. Each time any of the CUPC LDAP Attribute Mappings are changed, CUPC clients have to logout and log back in to download the new mapping. After a exiting CUPC log back in and the pictures should work.